def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # The code that defines your stack goes here # vpc network vpc = aws_ec2.CfnVPC(self, 'vpc', cidr_block='10.0.0.0/16', enable_dns_hostnames=True, enable_dns_support=True, instance_tenancy='default', tags=[core.CfnTag(key='Name',value='vpc')]) internetgateway = aws_ec2.CfnInternetGateway(self, 'internetgateway', tags=[core.CfnTag(key='Name',value='internetgateway')]) aws_ec2.CfnVPCGatewayAttachment(self, 'VPCGatewayAttachment', vpc_id=vpc.ref, internet_gateway_id=internetgateway.ref) # public network publicsubnet01 = aws_ec2.CfnSubnet(self, 'publicsubnet01', cidr_block='10.0.0.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name',value='publicsubnet01')]) publicsubnet02 = aws_ec2.CfnSubnet(self, 'publicsubnet02', cidr_block='10.0.1.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name',value='publicsubnet02')]) publicsubnet03 = aws_ec2.CfnSubnet(self, 'publicsubnet03', cidr_block='10.0.2.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name',value='publicsubnet03')]) publicroutetable01 = aws_ec2.CfnRouteTable(self, 'publicroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='publicroutetable01')]) publicroutetable02 = aws_ec2.CfnRouteTable(self, 'publicroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='publicroutetable02')]) publicroutetable03 = aws_ec2.CfnRouteTable(self, 'publicroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='publicroutetable03')]) aws_ec2.CfnRoute(self, 'publicroute01', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable01.ref,) aws_ec2.CfnRoute(self, 'publicroute02', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable02.ref) aws_ec2.CfnRoute(self, 'publicroute03', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable03.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'publicsubnetroutetableassociation01', route_table_id=publicroutetable01.ref, subnet_id=publicsubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'publicsubnetroutetableassociation02', route_table_id=publicroutetable02.ref, subnet_id=publicsubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'publicsubnetroutetableassociation03', route_table_id=publicroutetable03.ref, subnet_id=publicsubnet03.ref) # private network privatesubnet01 = aws_ec2.CfnSubnet(self, 'privatesubnet01', cidr_block='10.0.11.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name',value='privatesubnet01')]) privatesubnet02 = aws_ec2.CfnSubnet(self, 'privatesubnet02', cidr_block='10.0.12.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name',value='privatesubnet02')]) privatesubnet03 = aws_ec2.CfnSubnet(self, 'privatesubnet03', cidr_block='10.0.13.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name',value='privatesubnet03')]) privateroutetable01 = aws_ec2.CfnRouteTable(self, 'privateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='privateroutetable01')]) privateroutetable02 = aws_ec2.CfnRouteTable(self, 'privateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='privateroutetable02')]) privateroutetable03 = aws_ec2.CfnRouteTable(self, 'privateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='privateroutetable03')]) aws_ec2.CfnSubnetRouteTableAssociation(self, 'privatesubnetroutetableassociation01', route_table_id=privateroutetable01.ref, subnet_id=privatesubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'privatesubnetroutetableassociation02', route_table_id=privateroutetable02.ref, subnet_id=privatesubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'privatesubnetroutetableassociation03', route_table_id=privateroutetable03.ref, subnet_id=privatesubnet03.ref) eip01 = aws_ec2.CfnEIP(self, 'eip01', tags=[core.CfnTag(key='Name',value='eip01')]) eip02 = aws_ec2.CfnEIP(self, 'eip02', tags=[core.CfnTag(key='Name',value='eip02')]) eip03 = aws_ec2.CfnEIP(self, 'eip03', tags=[core.CfnTag(key='Name',value='eip03')]) natgateway01 = aws_ec2.CfnNatGateway(self, 'natgateway01', allocation_id=eip01.attr_allocation_id, subnet_id=publicsubnet01.ref, tags=[core.CfnTag(key='Name',value='natgateway01')]) natgateway02 = aws_ec2.CfnNatGateway(self, 'natgateway02', allocation_id=eip02.attr_allocation_id, subnet_id=publicsubnet02.ref, tags=[core.CfnTag(key='Name',value='natgateway02')]) natgateway03 = aws_ec2.CfnNatGateway(self, 'natgateway03', allocation_id=eip03.attr_allocation_id, subnet_id=publicsubnet03.ref, tags=[core.CfnTag(key='Name',value='natgateway03')]) aws_ec2.CfnRoute(self, 'privateroute01', destination_cidr_block='0.0.0.0/0' ,nat_gateway_id=natgateway01.ref, route_table_id=privateroutetable01.ref) aws_ec2.CfnRoute(self, 'privateroute02', destination_cidr_block='0.0.0.0/0' ,nat_gateway_id=natgateway02.ref, route_table_id=privateroutetable02.ref) aws_ec2.CfnRoute(self, 'privateroute03', destination_cidr_block='0.0.0.0/0' ,nat_gateway_id=natgateway03.ref, route_table_id=privateroutetable03.ref) # isolate network isolatesubnet01 = aws_ec2.CfnSubnet(self, 'isolatesubnet01', cidr_block='10.0.21.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name',value='isolatesubnet01')]) isolatesubnet02 = aws_ec2.CfnSubnet(self, 'isolatesubnet02', cidr_block='10.0.22.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name',value='isolatesubnet02')]) isolatesubnet03 = aws_ec2.CfnSubnet(self, 'isolatesubnet03', cidr_block='10.0.23.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name',value='isolatesubnet03')]) isolateroutetable01 = aws_ec2.CfnRouteTable(self, 'isolateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='isolateroutetable01')]) isolateroutetable02 = aws_ec2.CfnRouteTable(self, 'isolateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='isolateroutetable02')]) isolateroutetable03 = aws_ec2.CfnRouteTable(self, 'isolateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name',value='isolateroutetable03')]) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation01', route_table_id=isolateroutetable01.ref, subnet_id=isolatesubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation02', route_table_id=isolateroutetable02.ref, subnet_id=isolatesubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation03', route_table_id=isolateroutetable03.ref, subnet_id=isolatesubnet03.ref)
def create_nat_gateway(self, subnet_dictionary, elastic_ip): # NatGateway nat_gateway = _ec2.CfnNatGateway( self, 'CfnNatGateway', allocation_id=elastic_ip.attr_allocation_id, subnet_id=subnet_dictionary.get('DEMO-PUBLIC-SUBNET-A').ref, tags=[CfnTag( key='Name', value='DEMO-NAT-GATEWAY', )]) return nat_gateway
def create_nat_gateway(scope: core.Construct, vpc: aws_ec2.CfnVPC, subnet: aws_ec2.CfnSubnet) -> aws_ec2.CfnNatGateway: prefix = scope.node.try_get_context("prefix") az_end = subnet.availability_zone[-2:] eip = aws_ec2.CfnEIP(scope, f'{prefix}-eip-{az_end}') nat_gateway = aws_ec2.CfnNatGateway( scope, f'{prefix}-nat-{az_end}', allocation_id=eip.attr_allocation_id, subnet_id=subnet.ref, tags=[core.CfnTag( key='Name', value=f'{prefix}-nat-{az_end}', )], ) return nat_gateway
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id) self._id = id self._eip = kwargs['eip_attr_allocation_id'] self._subnet_id = kwargs['subnet_id'] try: kwargs['tags'] except: self._tags_wk = None else: self._tags_wk = [ core.CfnTag(key=kwargs['tags'][i]['key'], value=kwargs['tags'][i]['value']) if kwargs['tags'] else None for i in range(len(kwargs['tags'])) ] self._natgateway = aws_ec2.CfnNatGateway( self, self._id, allocation_id=self._eip.attr_allocation_id, subnet_id=self._subnet_id.ref, tags=self._tags_wk)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # vpc = ec2.Vpc(self, "VPC", # cidr = "10.1.0.0/16", # max_azs = 2, # subnet_configuration =[ # ec2.SubnetConfiguration(name='edx-subnet-Public', subnet_type=ec2.SubnetType.PUBLIC, cidr_mask=24), # ec2.SubnetConfiguration(name='edx-subnet-Private', subnet_type=ec2.SubnetType.PRIVATE, cidr_mask=24), # ] # ) # core.Tag.add(vpc, key = "Name", value = "edx-build-aws-vpc") # core.Tag.add(vpc.public_subnets[0], key = "Name", value = "edx-subnet-public-a") # core.Tag.add(vpc.public_subnets[1], key = "Name", value = "edx-subnet-public-b") # core.Tag.add(vpc.private_subnets[0], key = "Name", value = "edx-subnet-public-a") # core.Tag.add(vpc.private_subnets[1], key = "Name", value = "edx-subnet-public-b") # Exercise 3 # Create VPC vpc = ec2.CfnVPC(self, "VPC", cidr_block="10.1.0.0/16", tags=[{ "key": "Name", "value": "edx-build-aws-vpc" }]) # Create Internet Gateway internet_gateway = ec2.CfnInternetGateway(self, "InternetGateway", tags=[{ "key": "Name", "value": "edx-igw" }]) # Attach Gateway attach_gateway = ec2.CfnVPCGatewayAttachment( self, "AttachGateway", vpc_id=vpc.ref, internet_gateway_id=internet_gateway.ref) # Create EIP1 eip_1 = ec2.CfnEIP(self, "EIP1", domain="vpc") # Create Public Subnet 1 public_subnet_1 = ec2.CfnSubnet(self, "PublicSubnet1", availability_zone=core.Fn.select( 0, core.Fn.get_azs(core.Aws.REGION)), cidr_block="10.1.1.0/24", vpc_id=vpc.ref, map_public_ip_on_launch=True, tags=[{ "key": "Name", "value": "edx-subnet-public-a" }]) # Create Nat Gateway 1 nat_gateway_1 = ec2.CfnNatGateway( self, "NatGateway1", allocation_id=eip_1.attr_allocation_id, subnet_id=public_subnet_1.ref) # Create Private Route Table 1 private_route_table_1 = ec2.CfnRouteTable(self, "PrivateRouteTable1", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-routetable-private1" }]) # Create Private Route 1 private_route_1 = ec2.CfnRoute( self, "PrivateRoute1", route_table_id=private_route_table_1.ref, destination_cidr_block="0.0.0.0/0", nat_gateway_id=nat_gateway_1.ref) # Create EIP2 eip_2 = ec2.CfnEIP(self, "EIP2", domain="vpc") # Create Public Subnet 2 public_subnet_2 = ec2.CfnSubnet(self, "PublicSubnet2", availability_zone=core.Fn.select( 1, core.Fn.get_azs(core.Aws.REGION)), cidr_block="10.1.2.0/24", vpc_id=vpc.ref, map_public_ip_on_launch=True, tags=[{ "key": "Name", "value": "edx-subnet-public-b" }]) # Create Nat Gateway 2 nat_gateway_2 = ec2.CfnNatGateway( self, "NatGateway2", allocation_id=eip_2.attr_allocation_id, subnet_id=public_subnet_2.ref) # Create Private Route Table 2 private_route_table_2 = ec2.CfnRouteTable(self, "PrivateRouteTable2", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-routetable-private2" }]) # Create Private Route 2 private_route_2 = ec2.CfnRoute( self, "PrivateRoute2", route_table_id=private_route_table_2.ref, destination_cidr_block="0.0.0.0/0", nat_gateway_id=nat_gateway_2.ref) # Create Public Route Table public_route_table = ec2.CfnRouteTable(self, "PublicRouteTable", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-routetable-public" }]) # Create Public Default Route public_default_route = ec2.CfnRoute( self, "PublicDefaultRoute", route_table_id=public_route_table.ref, destination_cidr_block="0.0.0.0/0", gateway_id=internet_gateway.ref) # Create Public Route Association 1 public_route_association_1 = ec2.CfnSubnetRouteTableAssociation( self, "PublicRouteAssociation1", route_table_id=public_route_table.ref, subnet_id=public_subnet_1.ref) # Create Public Route Association 12 public_route_association_2 = ec2.CfnSubnetRouteTableAssociation( self, "PublicRouteAssociation2", route_table_id=public_route_table.ref, subnet_id=public_subnet_2.ref) # Create Private Subnet 1 private_subnet_1 = ec2.CfnSubnet(self, "PrivateSubnet1", availability_zone=core.Fn.select( 0, core.Fn.get_azs(core.Aws.REGION)), cidr_block="10.1.3.0/24", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-subnet-private-a" }]) # Create Private Subnet 2 private_subnet_2 = ec2.CfnSubnet(self, "PrivateSubnet2", availability_zone=core.Fn.select( 1, core.Fn.get_azs(core.Aws.REGION)), cidr_block="10.1.4.0/24", vpc_id=vpc.ref, tags=[{ "key": "Name", "value": "edx-subnet-private-b" }]) # Create Private Route Association 1 private_route_association_1 = ec2.CfnSubnetRouteTableAssociation( self, "PrivateRouteAssociation1", route_table_id=private_route_table_1.ref, subnet_id=private_subnet_1.ref) # Create Private Route Association 2 private_route_association_1 = ec2.CfnSubnetRouteTableAssociation( self, "PrivateRouteAssociation2", route_table_id=private_route_table_2.ref, subnet_id=private_subnet_2.ref) # Output core.CfnOutput(self, "VPCOutput", value=vpc.ref, description="VPC", export_name="VPC") core.CfnOutput(self, "PublicSubnet1Output", value=public_subnet_1.ref, description="PublicSubnet1", export_name="PublicSubnet1") core.CfnOutput(self, "PublicSubnet2Output", value=public_subnet_2.ref, description="PublicSubnet2", export_name="PublicSubnet2") core.CfnOutput(self, "PrivateSubnet1Output", value=private_subnet_1.ref, description="PrivateSubnet1", export_name="PrivateSubnet1") core.CfnOutput(self, "PrivateSubnet2Output", value=private_subnet_2.ref, description="PrivateSubnet2", export_name="PrivateSubnet2")
def __init__(self, scope: core.Construct, id: str, data, iam_vars) -> None: super().__init__(scope, id) # VPC vpc = ec2.CfnVPC(self, "cdk-vpc", cidr_block=data["vpc"]) igw = ec2.CfnInternetGateway(self, id="igw") ec2.CfnVPCGatewayAttachment(self, id="igw-attach", vpc_id=vpc.ref, internet_gateway_id=igw.ref) public_route_table = ec2.CfnRouteTable(self, id="public_route_table", vpc_id=vpc.ref) ec2.CfnRoute(self, id="public_route", route_table_id=public_route_table.ref, destination_cidr_block="0.0.0.0/0", gateway_id=igw.ref) public_subnets = [] for i, s in enumerate(data["subnets"]["public"]): subnet = ec2.CfnSubnet(self, id="public_{}".format(s), cidr_block=s, vpc_id=vpc.ref, availability_zone=core.Fn.select( i, core.Fn.get_azs()), map_public_ip_on_launch=True) public_subnets.append(subnet) ec2.CfnSubnetRouteTableAssociation( self, id="public_{}_association".format(s), route_table_id=public_route_table.ref, subnet_id=subnet.ref) eip = ec2.CfnEIP(self, id="natip") nat = ec2.CfnNatGateway(self, id="nat", allocation_id=eip.attr_allocation_id, subnet_id=public_subnets[0].ref) private_route_table = ec2.CfnRouteTable(self, id="private_route_table", vpc_id=vpc.ref) ec2.CfnRoute(self, id="private_route", route_table_id=private_route_table.ref, destination_cidr_block="0.0.0.0/0", nat_gateway_id=nat.ref) private_subnets = [] for i, s in enumerate(data["subnets"]["private"]): subnet = ec2.CfnSubnet(self, id="private_{}".format(s), cidr_block=s, vpc_id=vpc.ref, availability_zone=core.Fn.select( i, core.Fn.get_azs()), map_public_ip_on_launch=False) private_subnets.append(subnet) ec2.CfnSubnetRouteTableAssociation( self, id="private_{}_association".format(s), route_table_id=private_route_table.ref, subnet_id=subnet.ref) # Security groups lb_sg = ec2.CfnSecurityGroup(self, id="lb", group_description="LB SG", vpc_id=vpc.ref) lambda_sg = ec2.CfnSecurityGroup(self, id="lambda", group_description="Lambda SG", vpc_id=vpc.ref) public_prefix = ec2.CfnPrefixList(self, id="cidr_prefix", address_family="IPv4", max_entries=1, prefix_list_name="public", entries=[{ "cidr": "0.0.0.0/0", "description": "Public" }]) _sg_rules = [{ 'sg': lb_sg.attr_group_id, 'rules': [{ "direction": "ingress", "description": "HTTP from Internet", "from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": public_prefix.ref }, { "direction": "egress", "description": "LB to Lambda", "from_port": 80, "to_port": 80, "protocol": "tcp", "source_security_group_id": lambda_sg.attr_group_id }] }, { "sg": lambda_sg.attr_group_id, "rules": [{ "direction": "ingress", "description": "HTTP from LB", "from_port": 80, "to_port": 80, "protocol": "tcp", "source_security_group_id": lb_sg.attr_group_id }, { "direction": "egress", "description": "All to Internet", "from_port": 0, "to_port": 65535, "protocol": "tcp", "cidr_blocks": public_prefix.ref }] }] for ruleset in _sg_rules: for rule in ruleset["rules"]: if rule["direction"] == "ingress": ec2.CfnSecurityGroupIngress( self, id=rule["description"].replace(" ", "_"), description=rule["description"], to_port=rule["to_port"], from_port=rule["from_port"], ip_protocol=rule["protocol"], group_id=ruleset["sg"], source_prefix_list_id=rule["cidr_blocks"] if "cidr_blocks" in rule else None, source_security_group_id=rule[ "source_security_group_id"] if "source_security_group_id" in rule else None) else: ec2.CfnSecurityGroupEgress( self, id=rule["description"].replace(" ", "_"), description=rule["description"], to_port=rule["to_port"], from_port=rule["from_port"], ip_protocol=rule["protocol"], group_id=ruleset["sg"], destination_prefix_list_id=rule["cidr_blocks"] if "cidr_blocks" in rule else None, destination_security_group_id=rule[ "source_security_group_id"] if "source_security_group_id" in rule else None) # IAM assume_policy_doc = iam.PolicyDocument() for statement in iam_vars["assume"]["Statement"]: _statement = iam.PolicyStatement(actions=[statement["Action"]], ) _statement.add_service_principal(statement["Principal"]["Service"]) assume_policy_doc.add_statements(_statement) role = iam.CfnRole(self, id="iam_role", path="/", assume_role_policy_document=assume_policy_doc) role_policy_doc = iam.PolicyDocument() for statement in iam_vars["policy"]["Statement"]: _statement = iam.PolicyStatement(actions=statement["Action"], resources=["*"]) role_policy_doc.add_statements(_statement) policy = iam.CfnPolicy(self, id="iam_policy", policy_document=role_policy_doc, policy_name="cdkPolicy", roles=[role.ref]) # Lambda shutil.make_archive("../lambda", 'zip', "../lambda/") s3_client = boto3.client('s3') s3_client.upload_file("../lambda.zip", "cloudevescops-zdays-demo", "cdk.zip") function = lmd.CfnFunction(self, id="lambda_function", handler="lambda.lambda_handler", role=role.attr_arn, runtime="python3.7", code={ "s3Bucket": "cloudevescops-zdays-demo", "s3Key": "cdk.zip" }, vpc_config={ "securityGroupIds": [lambda_sg.ref], "subnetIds": [s.ref for s in private_subnets] }, environment={"variables": { "TOOL": "CDK" }}) # LB lb = alb.CfnLoadBalancer(self, id="alb", name="lb-cdk", scheme="internet-facing", type="application", subnets=[s.ref for s in public_subnets], security_groups=[lb_sg.ref]) lmd.CfnPermission(self, id="lambda_permis", action="lambda:InvokeFunction", function_name=function.ref, principal="elasticloadbalancing.amazonaws.com") tg = alb.CfnTargetGroup(self, id="alb_tg", name="lambda-cdk", target_type="lambda", health_check_enabled=True, health_check_interval_seconds=40, health_check_path="/", health_check_timeout_seconds=30, targets=[{ "id": function.get_att("Arn").to_string() }], matcher={"httpCode": "200"}) alb.CfnListener(self, id="listener", default_actions=[{ "type": "forward", "targetGroupArn": tg.ref }], load_balancer_arn=lb.ref, port=80, protocol="HTTP") core.CfnOutput(self, id="fqdn", value=lb.attr_dns_name)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Contexts PRJ = self.node.try_get_context("prj") CIDR_VPC = self.node.try_get_context("cidr-out-vpc") CIDR_NGW_SUBNET = self.node.try_get_context("cidr-out-ngw-subnet") CIDR_TGW_SUBNET = self.node.try_get_context("cidr-out-tgw-subnet") # Parameters # Functions def nametag(x): return core.CfnTag(key="Name", value="{}/{}".format(PRJ, x)) # ### Resources # VPC self.vpc = ec2.CfnVPC(self, "vpc", cidr_block=CIDR_VPC, tags=[nametag("outVpc")]) # Ngw Subnet self.ngw_subnet = ec2.CfnSubnet(self, "ngwSubnet", cidr_block=CIDR_NGW_SUBNET, vpc_id=self.vpc.ref, map_public_ip_on_launch=False, availability_zone="ap-northeast-1a", tags=[nametag("outNgwSubnet")]) # Tgw Subnet self.tgw_subnet = ec2.CfnSubnet(self, "tgwSubnet", cidr_block=CIDR_TGW_SUBNET, vpc_id=self.vpc.ref, map_public_ip_on_launch=False, availability_zone="ap-northeast-1a", tags=[nametag("outTgwSubnet")]) # IGW self.igw = ec2.CfnInternetGateway(self, "igw", tags=[nametag("outIgw")]) igw_attachment = ec2.CfnVPCGatewayAttachment( self, "igwAttachment", vpc_id=self.vpc.ref, internet_gateway_id=self.igw.ref) # EIP for NATGW eip = ec2.CfnEIP(self, "eip", domain="vpc", tags=[nametag("outNatgwEip")]) eip.add_depends_on(igw_attachment) # NATGW self.natgw = ec2.CfnNatGateway(self, "natgw", allocation_id=eip.attr_allocation_id, subnet_id=self.ngw_subnet.ref, tags=[nametag("outNatgw")]) # RouteTable(NGW Subnet) self.ngw_rtb = ec2.CfnRouteTable(self, "ngwRtb", vpc_id=self.vpc.ref, tags=[nametag("outNgwRtb")]) ec2.CfnSubnetRouteTableAssociation(self, "ngwRtbAssoc", route_table_id=self.ngw_rtb.ref, subnet_id=self.ngw_subnet.ref) # RouteTable(TGW Subnet) self.tgw_rtb = ec2.CfnRouteTable(self, "tgwRtb", vpc_id=self.vpc.ref, tags=[nametag("outTgwRtb")]) ec2.CfnSubnetRouteTableAssociation(self, "tgwRtbAssoc", route_table_id=self.tgw_rtb.ref, subnet_id=self.tgw_subnet.ref)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) vpc = ec2.Vpc(self, id="MyVPC", nat_gateways=0, cidr="192.168.0.0/20", max_azs=3, subnet_configuration=[]) pub_subnet = ec2.PublicSubnet(self, id="PublicSubnet", availability_zone="eu-central-1c", cidr_block="192.168.0.0/24", vpc_id=vpc.vpc_id, map_public_ip_on_launch=True) igw = ec2.CfnInternetGateway( self, id="MyIGW", tags=[core.CfnTag(key="Name", value="IGW")]) ec2.CfnVPCGatewayAttachment(self, id="IGW_Assoc", vpc_id=vpc.vpc_id, internet_gateway_id=igw.ref) pub_subnet.add_route(id="default_route-sub01", router_id=igw.ref, router_type=ec2.RouterType('GATEWAY'), destination_cidr_block="0.0.0.0/0", enables_internet_connectivity=True) # Elastic IP eip_01 = ec2.CfnEIP(self, id="EIP01") # NAT gateway ngw = ec2.CfnNatGateway(self, id="NAT_GW", allocation_id=eip_01.attr_allocation_id, subnet_id=pub_subnet.subnet_id, tags=[core.CfnTag(key="Name", value="NAT_GW")]) subnet01 = ec2.Subnet(self, id="Subnet01", availability_zone="eu-central-1a", cidr_block="192.168.1.0/24", vpc_id=vpc.vpc_id, map_public_ip_on_launch=False) subnet02 = ec2.Subnet(self, id="Subnet02", availability_zone="eu-central-1b", cidr_block="192.168.2.0/24", vpc_id=vpc.vpc_id, map_public_ip_on_launch=False) subnet01.add_route(id="default_route-sub01", router_id=ngw.ref, router_type=ec2.RouterType('NAT_GATEWAY'), destination_cidr_block="0.0.0.0/0", enables_internet_connectivity=True) subnet02.add_route(id="default_route-sub02", router_id=ngw.ref, router_type=ec2.RouterType('NAT_GATEWAY'), destination_cidr_block="0.0.0.0/0", enables_internet_connectivity=True) sg_lb = ec2.CfnSecurityGroup( self, id="SG_ALB", group_description="SG for the APP LB", group_name="SG_ALB", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="SG_ALB")]) sg_ec2i = ec2.CfnSecurityGroup( self, id="SG_Instances", group_description="SG for the Instances", group_name="SG_Instances", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="SG_Instances")]) # my_home_ip = requests.get("https://api.ipify.org").text my_home_ip = "94.112.113.195" ports_pub = {'tcp': [22, 80], 'icmp': [-1]} for protocol, ports_list in ports_pub.items(): for port in ports_list: ec2.CfnSecurityGroupIngress( self, id=f"sg_alb_in_{protocol}_{port}", group_id=sg_lb.attr_group_id, ip_protocol=protocol, cidr_ip=f"{my_home_ip}/32", to_port=port, from_port=port, description=f"{protocol.upper()} {port} from home IP") ec2.CfnSecurityGroupIngress( self, id=f"sg_ec2i_in_{protocol}_{port}", group_id=sg_ec2i.attr_group_id, ip_protocol=protocol, to_port=port, from_port=port, source_security_group_id=sg_lb.ref, description=f"{protocol.upper()} {port} from the ALB SG") with open( "/home/dragos/Documents/AWS_CDK/app_lb_sample/app_lb_sample/configure.sh", 'r') as config_file: ud = core.Fn.base64(config_file.read()) bastion_host = ec2.CfnInstance( self, id="bastion", image_id="ami-0de9f803fcac87f46", instance_type="t2.micro", subnet_id=pub_subnet.subnet_id, key_name="proton_mail_kp", security_group_ids=[sg_lb.ref], tags=[core.CfnTag(key="Name", value="bastion")]) instance01 = ec2.CfnInstance( self, id="WebServer01", image_id="ami-0de9f803fcac87f46", instance_type="t2.micro", subnet_id=subnet01.subnet_id, key_name="proton_mail_kp", security_group_ids=[sg_ec2i.ref], user_data=ud, tags=[core.CfnTag(key="Name", value="WebServer01")]) instance02 = ec2.CfnInstance( self, id="WebServer02", image_id="ami-0de9f803fcac87f46", instance_type="t2.micro", subnet_id=subnet02.subnet_id, key_name="proton_mail_kp", security_group_ids=[sg_ec2i.ref], user_data=ud, tags=[core.CfnTag(key="Name", value="WebServer02")]) # health_check = elbv2.HealthCheck(enabled=True, # healthy_http_codes="200", # path="/index.html", # protocol=elbv2.Protocol("HTTP")) target01 = elbv2.CfnTargetGroup.TargetDescriptionProperty( id=instance01.ref) target02 = elbv2.CfnTargetGroup.TargetDescriptionProperty( id=instance02.ref) tg = elbv2.CfnTargetGroup( self, id="TG-WEB-HTTP", name="TG-WEB-HTTP", health_check_enabled=True, health_check_path="/index.html", health_check_port="80", matcher=elbv2.CfnTargetGroup.MatcherProperty(http_code="200"), port=80, protocol="HTTP", # CASE SENSITIVE target_type="instance", # CASE SENSITIVE targets=[target01, target02], vpc_id=vpc.vpc_id) alb = elbv2.CfnLoadBalancer( self, id="MyALB-HTTP", ip_address_type="ipv4", name="MyALB-HTTP", scheme="internet-facing", security_groups=[sg_lb.ref], type="application", subnets=[subnet01.subnet_id, subnet02.subnet_id]) def_act = Listener.ActionProperty(type="forward", authenticate_cognito_config=None, authenticate_oidc_config=None, fixed_response_config=None, forward_config=None, order=50000, redirect_config=None, target_group_arn=tg.ref) listener = elbv2.CfnListener(self, id="Listener01", load_balancer_arn=alb.ref, port=80, protocol="HTTP", default_actions=[def_act])
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) # Create an empty VPC # If you don't specify any other resources EXCEPT the VPC, there's a standard template applied vpc = ec2.Vpc( self, id="MyVPC", nat_gateways=0, cidr="192.168.0.0/20", max_azs=1, subnet_configuration=[], ) # A couple of subnets app_subnet = ec2.CfnSubnet( self, id="Application", vpc_id=vpc.vpc_id, availability_zone="eu-central-1a", cidr_block="192.168.1.0/24", map_public_ip_on_launch=False, tags=[core.CfnTag(key="Name", value="Application")]) web_subnet = ec2.CfnSubnet( self, id="Webhost", vpc_id=vpc.vpc_id, availability_zone="eu-central-1b", cidr_block="192.168.2.0/24", map_public_ip_on_launch=True, tags=[core.CfnTag(key="Name", value="WebHost")]) # A couple of route tables private_rt = ec2.CfnRouteTable( self, id="Private_RT", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="Private_RT")]) public_rt = ec2.CfnRouteTable( self, id="Public_RT", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="Public_RT")]) # How to associate a subnet with a route table ec2.CfnSubnetRouteTableAssociation(self, id="WebHostRTAssoc", subnet_id=web_subnet.ref, route_table_id=public_rt.ref) ec2.CfnSubnetRouteTableAssociation(self, id="ApplicationRTAssoc", subnet_id=app_subnet.ref, route_table_id=private_rt.ref) # A gateway (Internet Gateway in this case) igw = ec2.CfnInternetGateway( self, id="MyIGW", tags=[core.CfnTag(key="Name", value="IGW")]) # How to associate a gateway to a VPC (IGW in this case - for VGW use vpn_gateway_id=blablabla) ec2.CfnVPCGatewayAttachment(self, id="IGW_Assoc", vpc_id=vpc.vpc_id, internet_gateway_id=igw.ref) # Elastic IP eip_01 = ec2.CfnEIP(self, id="EIP01") # NAT gateway ngw = ec2.CfnNatGateway(self, id="NAT_GW", allocation_id=eip_01.attr_allocation_id, subnet_id=web_subnet.ref, tags=[core.CfnTag(key="Name", value="NAT_GW")]) ngw.add_depends_on(eip_01) # Add a route to a route table default_route_public = ec2.CfnRoute(self, id="DefaultRoutePublic", route_table_id=public_rt.ref, destination_cidr_block="0.0.0.0/0", gateway_id=igw.ref) default_route_public.add_depends_on(igw) default_route_private = ec2.CfnRoute( self, id="DefaultRouteprivate", route_table_id=private_rt.ref, destination_cidr_block="0.0.0.0/0", nat_gateway_id=ngw.ref) default_route_private.add_depends_on(ngw) ### Security Groups ### # PUBLIC SUBNET SG sg_public = ec2.CfnSecurityGroup( self, id="SG_PUBLIC", group_description="SG for the Public Subnet", group_name="SG_PUBLIC", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="SG_Public")]) my_home_ip = requests.get("https://api.my-ip.io/ip.json").json()['ip'] ports_pub = {'tcp': [22, 80], 'icmp': [-1]} for protocl, ports_list in ports_pub.items(): for port in ports_list: ec2.CfnSecurityGroupIngress( self, id=f"sg_pub_in_{protocl}_{port}", group_id=sg_public.attr_group_id, ip_protocol=protocl, cidr_ip=f"{my_home_ip}/32", to_port=port, from_port=port, description=f"{protocl.upper()} {port} from home IP") # SG INGRESS ENTRIES - ICMP - EXAMPLE # sg_in_icmp = ec2.CfnSecurityGroupIngress(self, id="SG_PUB_IN_ICMP", # group_id=sg_public.attr_group_id, # ip_protocol = "icmp", # cidr_ip = f"{my_home_ip}/32", # to_port = -1, # from_port = -1, # description = "ICMP FROM HOME") # SG EGRESS ENTRIES - AUTO-IMPLIED IF NOT CONFIGURED # sg_out_all = ec2.CfnSecurityGroupEgress(self, id="SG_PUB_OUT_ALL", # group_id=sg_public.attr_group_id, # ip_protocol="-1", # cidr_ip="0.0.0.0/0") # PRIVATE SUBNET SG sg_private = ec2.CfnSecurityGroup( self, id="SG_PRIVATE", group_description="SG for the Private Subnet", group_name="SG_PRIVATE", vpc_id=vpc.vpc_id, tags=[core.CfnTag(key="Name", value="SG_Private")]) sg_private.add_depends_on(sg_public) ports_priv = {'tcp': [22, 21, 53, 3368, 80], 'icmp': [-1]} for protocl, ports_list in ports_priv.items(): for port in ports_list: ec2.CfnSecurityGroupIngress( self, id=f"sg_priv_in_{protocl}_{port}", group_id=sg_private.attr_group_id, description= f"{protocl.upper()}:{port} from the public subnet only", ip_protocol=protocl, from_port=port, to_port=port, source_security_group_id=sg_public.ref) ### EC2 Instances ### # Generate some user data _ WIP # user_data = ec2.UserData.custom # One in the public subnet webserver01 = ec2.CfnInstance( self, id="WebServer01", image_id="ami-0de9f803fcac87f46", instance_type="t2.micro", subnet_id=web_subnet.ref, key_name="proton_mail_kp", security_group_ids=[sg_public.ref], tags=[core.CfnTag(key="Name", value="WebServer01")]) appserver01 = ec2.CfnInstance( self, id="AppServer01", image_id="ami-0de9f803fcac87f46", instance_type="t2.micro", subnet_id=app_subnet.ref, key_name="proton_mail_kp", security_group_ids=[sg_private.ref], tags=[core.CfnTag(key="Name", value="AppServer01")])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # The code that defines your stack goes here # vpc network vpc = aws_ec2.CfnVPC(self, 'VPC', cidr_block='10.0.0.0/16', enable_dns_hostnames=True, enable_dns_support=True, instance_tenancy='default', tags=[core.CfnTag(key='Name', value='vpc')]) internetgateway = aws_ec2.CfnInternetGateway( self, 'internetgateway', tags=[core.CfnTag(key='Name', value='internetgateway')]) aws_ec2.CfnVPCGatewayAttachment( self, 'VPCGatewayAttachment', vpc_id=vpc.ref, internet_gateway_id=internetgateway.ref) networkacl = aws_ec2.CfnNetworkAcl( self, 'NetworkAcl', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='networkacl')]) aws_ec2.CfnNetworkAclEntry(self, 'NetworkAclEntry01', network_acl_id=networkacl.ref, protocol=-1, rule_action='allow', rule_number=100, cidr_block='0.0.0.0/0', egress=True) aws_ec2.CfnNetworkAclEntry(self, 'NetworkAclEntry03', network_acl_id=networkacl.ref, protocol=-1, rule_action='allow', rule_number=100, cidr_block='0.0.0.0/0', egress=False) # public network publicsubnet01 = aws_ec2.CfnSubnet( self, 'publicsubnet01', cidr_block='10.0.0.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name', value='publicsubnet01')]) publicsubnet02 = aws_ec2.CfnSubnet( self, 'publicsubnet02', cidr_block='10.0.1.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name', value='publicsubnet02')]) publicsubnet03 = aws_ec2.CfnSubnet( self, 'publicsubnet03', cidr_block='10.0.2.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name', value='publicsubnet03')]) publicroutetable01 = aws_ec2.CfnRouteTable( self, 'publicroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='publicroutetable01')]) publicroutetable02 = aws_ec2.CfnRouteTable( self, 'publicroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='publicroutetable02')]) publicroutetable03 = aws_ec2.CfnRouteTable( self, 'publicroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='publicroutetable03')]) aws_ec2.CfnRoute( self, 'publicroute01', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable01.ref, ) aws_ec2.CfnRoute(self, 'publicroute02', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable02.ref) aws_ec2.CfnRoute(self, 'publicroute03', destination_cidr_block='0.0.0.0/0', gateway_id=internetgateway.ref, route_table_id=publicroutetable03.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'publicsubnetroutetableassociation01', route_table_id=publicroutetable01.ref, subnet_id=publicsubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'publicsubnetroutetableassociation02', route_table_id=publicroutetable02.ref, subnet_id=publicsubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'publicsubnetroutetableassociation03', route_table_id=publicroutetable03.ref, subnet_id=publicsubnet03.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'publicSubnetNetworkAclAssociation01', network_acl_id=networkacl.ref, subnet_id=publicsubnet01.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'publicSubnetNetworkAclAssociation02', network_acl_id=networkacl.ref, subnet_id=publicsubnet02.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'publicSubnetNetworkAclAssociation03', network_acl_id=networkacl.ref, subnet_id=publicsubnet03.ref) # private network privatesubnet01 = aws_ec2.CfnSubnet( self, 'privatesubnet01', cidr_block='10.0.11.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name', value='privatesubnet01')]) privatesubnet02 = aws_ec2.CfnSubnet( self, 'privatesubnet02', cidr_block='10.0.12.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name', value='privatesubnet02')]) privatesubnet03 = aws_ec2.CfnSubnet( self, 'privatesubnet03', cidr_block='10.0.13.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name', value='privatesubnet03')]) privateroutetable01 = aws_ec2.CfnRouteTable( self, 'privateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='privateroutetable01')]) privateroutetable02 = aws_ec2.CfnRouteTable( self, 'privateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='privateroutetable02')]) privateroutetable03 = aws_ec2.CfnRouteTable( self, 'privateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='privateroutetable03')]) aws_ec2.CfnSubnetRouteTableAssociation( self, 'privatesubnetroutetableassociation01', route_table_id=privateroutetable01.ref, subnet_id=privatesubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'privatesubnetroutetableassociation02', route_table_id=privateroutetable02.ref, subnet_id=privatesubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation( self, 'privatesubnetroutetableassociation03', route_table_id=privateroutetable03.ref, subnet_id=privatesubnet03.ref) eip01 = aws_ec2.CfnEIP(self, 'eip01', tags=[core.CfnTag(key='Name', value='eip01')]) eip02 = aws_ec2.CfnEIP(self, 'eip02', tags=[core.CfnTag(key='Name', value='eip02')]) eip03 = aws_ec2.CfnEIP(self, 'eip03', tags=[core.CfnTag(key='Name', value='eip03')]) natgateway01 = aws_ec2.CfnNatGateway( self, 'natgateway01', allocation_id=eip01.attr_allocation_id, subnet_id=publicsubnet01.ref, tags=[core.CfnTag(key='Name', value='natgateway01')]) natgateway02 = aws_ec2.CfnNatGateway( self, 'natgateway02', allocation_id=eip02.attr_allocation_id, subnet_id=publicsubnet02.ref, tags=[core.CfnTag(key='Name', value='natgateway02')]) natgateway03 = aws_ec2.CfnNatGateway( self, 'natgateway03', allocation_id=eip03.attr_allocation_id, subnet_id=publicsubnet03.ref, tags=[core.CfnTag(key='Name', value='natgateway03')]) aws_ec2.CfnRoute(self, 'privateroute01', destination_cidr_block='0.0.0.0/0', nat_gateway_id=natgateway01.ref, route_table_id=privateroutetable01.ref) aws_ec2.CfnRoute(self, 'privateroute02', destination_cidr_block='0.0.0.0/0', nat_gateway_id=natgateway02.ref, route_table_id=privateroutetable02.ref) aws_ec2.CfnRoute(self, 'privateroute03', destination_cidr_block='0.0.0.0/0', nat_gateway_id=natgateway03.ref, route_table_id=privateroutetable03.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'privateSubnetNetworkAclAssociation01', network_acl_id=networkacl.ref, subnet_id=privatesubnet01.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'privateSubnetNetworkAclAssociation02', network_acl_id=networkacl.ref, subnet_id=privatesubnet02.ref) aws_ec2.CfnSubnetNetworkAclAssociation( self, 'privateSubnetNetworkAclAssociation03', network_acl_id=networkacl.ref, subnet_id=privatesubnet03.ref) # isolate network ''' isolatesubnet01 = aws_ec2.CfnSubnet(self, 'isolatesubnet01', cidr_block='10.0.21.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1a', tags=[core.CfnTag(key='Name', value='isolatesubnet01')]) isolatesubnet02 = aws_ec2.CfnSubnet(self, 'isolatesubnet02', cidr_block='10.0.22.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1c', tags=[core.CfnTag(key='Name', value='isolatesubnet02')]) isolatesubnet03 = aws_ec2.CfnSubnet(self, 'isolatesubnet03', cidr_block='10.0.23.0/24', vpc_id=vpc.ref, availability_zone='ap-northeast-1d', tags=[core.CfnTag(key='Name', value='isolatesubnet03')]) isolateroutetable01 = aws_ec2.CfnRouteTable(self, 'isolateroutetable01', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='isolateroutetable01')]) isolateroutetable02 = aws_ec2.CfnRouteTable(self, 'isolateroutetable02', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='isolateroutetable02')]) isolateroutetable03 = aws_ec2.CfnRouteTable(self, 'isolateroutetable03', vpc_id=vpc.ref, tags=[core.CfnTag(key='Name', value='isolateroutetable03')]) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation01', route_table_id=isolateroutetable01.ref, subnet_id=isolatesubnet01.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation02', route_table_id=isolateroutetable02.ref, subnet_id=isolatesubnet02.ref) aws_ec2.CfnSubnetRouteTableAssociation(self, 'isolatesubnetroutetableassociation03', route_table_id=isolateroutetable03.ref, subnet_id=isolatesubnet03.ref) aws_ec2.CfnSubnetNetworkAclAssociation(self, 'isolateSubnetNetworkAclAssociation01', network_acl_id=networkacl.ref, subnet_id=isolatesubnet01.ref) aws_ec2.CfnSubnetNetworkAclAssociation(self, 'isolateSubnetNetworkAclAssociation02', network_acl_id=networkacl.ref, subnet_id=isolatesubnet02.ref) aws_ec2.CfnSubnetNetworkAclAssociation(self, 'isolateSubnetNetworkAclAssociation03', network_acl_id=networkacl.ref, subnet_id=isolatesubnet03.ref) ''' # output core.CfnOutput(self, 'output01', value=vpc.ref, description='vpcid', export_name='vpcid01') core.CfnOutput(self, 'output02', value=publicsubnet01.ref, description='publicsubnet01', export_name='publicsubnet01') core.CfnOutput(self, 'output03', value=publicsubnet02.ref, description='publicsubnet02', export_name='publicsubnet02') core.CfnOutput(self, 'output04', value=publicsubnet03.ref, description='publicsubnet03', export_name='publicsubnet03') core.CfnOutput(self, 'output05', value=privatesubnet01.ref, description='privatesubnet01', export_name='privatesubnet01') core.CfnOutput(self, 'output06', value=privatesubnet02.ref, description='privatesubnet02', export_name='privatesubnet02') core.CfnOutput(self, 'output07', value=privatesubnet03.ref, description='privatesubnet03', export_name='privatesubnet03')